Problem with an external disk

offline
  • Joined: 14 Nov 2003
  • Posts: 324

I have 3 external disks. Two are connected via USB ports and one is connected via a FireWire card.
On one of those three disks, the one connected via a USB port, it first started happening that I couldn't empty the Recycle Bin, and since yesterday an autorun.info and some folder called colorado have appeared as well.
I haven't touched any of it; I tried to delete them but I can't.
Otherwise, I've been using USBNoRisk and Total Commander for a year now (thanks to Bobby for the advice and help), so I have had no problems with USB viruses (if I may call them that) even though I plugged my USB flash drive in wherever I could, and I always resolved the problem with the help of those two programs. I should note that I have never plugged these 3 hard disks into other computers; they are only ever connected to my computer and are always switched off, I only turn them on as needed, I have never turned them on while an ordinary USB flash drive was in the computer, and I always start USBNoRisk before I plug in a USB flash drive.

When I open that external hard disk in Total Commander, there are none of those shortcuts that are characteristic of viruses attacking USB disks (No Mimic found); I see clean folders plus that colorado folder and autorun.info.
When I start USBNoRisk and turn on that hard disk, after a minute or two USBNoRisk freezes.

I was using an older version of NOD32 and since yesterday I have switched to the newer version.

I have WinXP with Service Pack 2.
I haven't tried to clean or fiddle with anything.
I use a 5 Mbps broadband connection.


Thanks in advance for the help.

I followed the instructions for posting a new topic and here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Eldar at 16:12:36 on 2011-10-17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.643 [GMT 2:00]
.
AV: Doctor Web Anti-Virus *Enabled/Updated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Ipko Net\Ipko Net\fts.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Eldar\Application Data\Mis portables\turbo\portable\TurboLaunch.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Ipko Net\Ipko Net\FWPortal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Taskman=c:\documents and settings\eldar\bncto.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [%FP%Ipko Net fts.exe] "c:\program files\ipko net\ipko net\fts.exe"
mRun: [CAPON] c:\windows\system32\spool\drivers\w32x86\3\CAPONN.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\eldar\startm~1\programs\startup\turbol~1.lnk - c:\documents and settings\eldar\application data\mis portables\turbo\portable\TurboLaunch.exe
IE: Download All by FlashGet - d:\programs\misc\portable flashget v1.71\portable flashget\flashget\jc_all.htm
IE: Download using FlashGet - d:\programs\misc\portable flashget v1.71\portable flashget\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: Interfaces\{78CC348B-85CD-4D08-BB17-413F835FD2EA} : NameServer = 80.80.160.8 80.80.160.9
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\eldar\application data\mozilla\firefox\profiles\gn85vhxc.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\eldar\application data\mozilla\firefox\profiles\gn85vhxc.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Paste and Go 3: omiazad@msn.com - %profile%\extensions\omiazad@msn.com
FF - Ext: Winstripe Modern: winstripemodern36@webdesigns.ms11.net - %profile%\extensions\winstripemodern36@webdesigns.ms11.net
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Snap Links Plus: snaplinks@snaplinks.mozdev.org - %profile%\extensions\snaplinks@snaplinks.mozdev.org
FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2009-3-8 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2009-3-8 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-11 96408]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [2009-3-7 22912]
S0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys --> c:\windows\system32\drivers\spiderg3.sys [?]
S2 BeatTrojanHelperOne;BeatTrojanHelperOne;\??\c:\documents and settings\eldar\desktop\mosoforcedelete\beattrojanhelperone.sys --> c:\documents and settings\eldar\desktop\mosoforcedelete\BeatTrojanHelperOne.sys [?]
S3 block_reader;MPR DRV;d:\programs\recovery\multi_password_recovery_1.2.2\multi password recovery 1.2.2 portable\block_reader.sys [2010-7-13 1920]
.
=============== Created Last 30 ================
.
2011-10-17 10:05:04 -------- d-----w- c:\program files\ESET
2011-10-17 10:00:07 -------- d-----w- c:\documents and settings\eldar\local settings\application data\Temp
2011-10-17 10:00:07 -------- d-----w- c:\documents and settings\eldar\local settings\application data\Adobe
2011-10-17 04:50:06 -------- d-----w- c:\documents and settings\eldar\local settings\application data\Identities
2011-10-16 10:43:57 -------- d-----w- c:\program files\Desktop
2011-10-15 08:26:18 -------- d-----w- c:\windows\system32\appmgmt
2011-10-15 07:27:05 -------- d-----w- c:\program files\common files\Doctor Web
2011-10-15 07:26:30 -------- d-----w- c:\documents and settings\all users\application data\Doctor Web
2011-10-10 09:58:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-05 04:40:03 719872 ----a-w- c:\windows\system32\devil.dll
2011-10-05 04:40:02 314368 ----a-w- c:\windows\system32\avisynth.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2011-10-15 13:25:10 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
.
============= FINISH: 16:13:15.43 ===============




Gmer files: [attachments, login required to view]

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Download OTM to your Desktop.

Double-click OTM.exe to run it.

Into the (left) pane of the program (under Paste Instructions for Items to be Moved), copy everything inside the Code box:

:processes
killallprocesses

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Taskman"=-

:files
c:\documents and settings\eldar\bncto.exe

:Commands
[emptytemp]
[Reboot]

Click MoveIt!

When the process finishes, the right pane of the program (under Results) will contain text that you need to copy into a post on the forum.


If this prompt appears:

Confirm ::The system requires a reboot to finish removing files.
Do you want to reboot now?


click Yes so that the computer restarts and the process completes.

After the system restarts, the logfile will open automatically in Notepad.
You need to copy the contents of that log into a post on the forum.




Step 2

Download a fresh DDS and post its log on the forum.






Sass Drake, MyCity AMF team
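The Winlogon Taskman entry that the OTM script above removes is the kind of thing worth picking out of a DDS log automatically rather than by eye. The following Python script is an added example and is not part of this thread, of DDS or of OTM. Its first sample is copied from the Pseudo HJT Report posted above; the second sample (a tampered Shell value and a Run entry) is constructed and labelled as such. It flags any Taskman value (absent on a default XP install, and Winlogon starts whatever it names), Shell or Userinit values that differ from the XP defaults, and Run entries whose executable sits directly in a user profile root.

```python
import re
from typing import Dict, List

# Pseudo HJT Report lines copied from the DDS log posted in this thread.
SAMPLE_HJT = r"""uStart Page = about:blank
mWinlogon: Taskman=c:\documents and settings\eldar\bncto.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
"""

# Constructed lines (not from the log) to exercise the other two checks.
CONSTRUCTED_LINES = r"""mWinlogon: Shell=explorer.exe,c:\documents and settings\eldar\helper.exe
uRun: [updater] c:\documents and settings\eldar\updater.exe /silent
"""

# What a clean Windows XP install carries under HKLM\...\Winlogon.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}
# An executable sitting directly in a profile root, e.g. c:\documents and settings\user\x.exe
PROFILE_ROOT_EXE = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.(?:exe|com|scr|pif|bat|cmd)$", re.I)
# DDS prefixes: 'm' = machine (HKLM), 'u' = user (HKCU).
WINLOGON_RE = re.compile(r"^([mu])Winlogon:\s*(\w+)=(.*)$", re.I)
RUN_RE = re.compile(r"^([mu])Run:\s*\[[^\]]*\]\s*(.*)$", re.I)


def _exe_path(command: str) -> str:
    """Return the program part of a command line, lowercased."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    m = re.match(r"^(.*?\.(?:exe|com|scr|pif|bat|cmd))", command, re.I)
    return (m.group(1) if m else command).lower()


def triage_hjt(text: str) -> List[Dict[str, str]]:
    """Scan Pseudo HJT Report lines and return the entries worth reviewing."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = WINLOGON_RE.match(line)
        if m:
            hive = "HKLM" if m.group(1).lower() == "m" else "HKCU"
            name, value = m.group(2).lower(), m.group(3).strip()
            if name == "taskman":
                findings.append({"hive": hive, "entry": "Winlogon\\Taskman", "target": value,
                                 "reason": "Taskman is absent on a default XP install; "
                                           "Winlogon runs whatever it names at logon"})
            elif name in WINLOGON_DEFAULTS and value.lower() != WINLOGON_DEFAULTS[name]:
                findings.append({"hive": hive, "entry": "Winlogon\\" + name, "target": value,
                                 "reason": "differs from the XP default " + repr(WINLOGON_DEFAULTS[name])})
            continue
        m = RUN_RE.match(line)
        if m:
            hive = "HKLM" if m.group(1).lower() == "m" else "HKCU"
            path = _exe_path(m.group(2))
            if PROFILE_ROOT_EXE.match(path):
                findings.append({"hive": hive, "entry": "Run", "target": path,
                                 "reason": "executable placed directly in a user profile root"})
    return findings


if __name__ == "__main__":
    for finding in triage_hjt(SAMPLE_HJT + CONSTRUCTED_LINES):
        print(finding["hive"], finding["entry"], finding["target"], "<-", finding["reason"])
```

Run against the log lines it reports only the Taskman hook to bncto.exe; the legitimate ctfmon and egui Run entries pass, because they live under Windows and Program Files. The check is deliberately narrow: a program under Application Data (the TurboLaunch entry in the same log) is not flagged, since portable applications legitimately live there.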

offline
  • Joined: 14 Nov 2003
  • Posts: 324

I did everything as you said.
Here is the OTM file:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Taskman deleted successfully.
========== FILES ==========
File/Folder c:\documents and settings\eldar\bncto.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Eldar
->Temp folder emptied: 12239 bytes
->Temporary Internet Files folder emptied: 93116034 bytes
->FireFox cache emptied: 36769887 bytes
->Flash cache emptied: 3773118 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1862226 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 131.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 10172011_220122

Files moved on Reboot...

Registry entries deleted on Reboot...


--------------------------------------------------

Here is the DDS file too:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Eldar at 22:05:09 on 2011-10-17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.636 [GMT 2:00]
.
AV: Doctor Web Anti-Virus *Enabled/Updated* {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Ipko Net\Ipko Net\fts.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Eldar\Application Data\Mis portables\turbo\portable\TurboLaunch.exe
C:\Program Files\Ipko Net\Ipko Net\FWPortal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [%FP%Ipko Net fts.exe] "c:\program files\ipko net\ipko net\fts.exe"
mRun: [CAPON] c:\windows\system32\spool\drivers\w32x86\3\CAPONN.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\eldar\startm~1\programs\startup\turbol~1.lnk - c:\documents and settings\eldar\application data\mis portables\turbo\portable\TurboLaunch.exe
IE: Download All by FlashGet - d:\programs\misc\portable flashget v1.71\portable flashget\flashget\jc_all.htm
IE: Download using FlashGet - d:\programs\misc\portable flashget v1.71\portable flashget\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: Interfaces\{78CC348B-85CD-4D08-BB17-413F835FD2EA} : NameServer = 80.80.160.8 80.80.160.9
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\eldar\application data\mozilla\firefox\profiles\gn85vhxc.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\eldar\application data\mozilla\firefox\profiles\gn85vhxc.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Paste and Go 3: omiazad@msn.com - %profile%\extensions\omiazad@msn.com
FF - Ext: Winstripe Modern: winstripemodern36@webdesigns.ms11.net - %profile%\extensions\winstripemodern36@webdesigns.ms11.net
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Snap Links Plus: snaplinks@snaplinks.mozdev.org - %profile%\extensions\snaplinks@snaplinks.mozdev.org
FF - Ext: Add N Edit Cookies: {038dc421-b19e-4711-a218-1fd10de9163b} - %profile%\extensions\{038dc421-b19e-4711-a218-1fd10de9163b}
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2009-3-8 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2009-3-8 5248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-11 96408]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
R2 RapidPort;RapidPort;c:\windows\system32\drivers\CAPLPTN.SYS [2009-3-7 22912]
S0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys --> c:\windows\system32\drivers\spiderg3.sys [?]
S2 BeatTrojanHelperOne;BeatTrojanHelperOne;\??\c:\documents and settings\eldar\desktop\mosoforcedelete\beattrojanhelperone.sys --> c:\documents and settings\eldar\desktop\mosoforcedelete\BeatTrojanHelperOne.sys [?]
S3 block_reader;MPR DRV;d:\programs\recovery\multi_password_recovery_1.2.2\multi password recovery 1.2.2 portable\block_reader.sys [2010-7-13 1920]
.
=============== Created Last 30 ================
.
2011-10-17 20:01:22 -------- d-----w- C:\_OTM
2011-10-17 10:05:04 -------- d-----w- c:\program files\ESET
2011-10-17 10:00:07 -------- d-----w- c:\documents and settings\eldar\local settings\application data\Temp
2011-10-17 10:00:07 -------- d-----w- c:\documents and settings\eldar\local settings\application data\Adobe
2011-10-17 04:50:06 -------- d-----w- c:\documents and settings\eldar\local settings\application data\Identities
2011-10-16 10:43:57 -------- d-----w- c:\program files\Desktop
2011-10-15 08:26:18 -------- d-----w- c:\windows\system32\appmgmt
2011-10-15 07:27:05 -------- d-----w- c:\program files\common files\Doctor Web
2011-10-15 07:26:30 -------- d-----w- c:\documents and settings\all users\application data\Doctor Web
2011-10-10 09:58:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-05 04:40:03 719872 ----a-w- c:\windows\system32\devil.dll
2011-10-05 04:40:02 314368 ----a-w- c:\windows\system32\avisynth.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-09-29 08:25:02 126976 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2011-10-15 13:25:10 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
.
============= FINISH: 22:05:52.04 ===============







offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


- Download USBNoRisk to your Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one after another into the USB slot and keep each one in the slot for 10 seconds.
- If you have more than one device to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all those devices that get their own drive letter when connected to the computer. That includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.





Sass Drake, MyCity AMF team

offline
  • Joined: 14 Nov 2003
  • Posts: 324

I tried turning them on one by one, just as you said. When I turn on the third one, USBNoRisk simply freezes.
Then I turned on the first two and here is the log for them:
USBNoRisk 2.7 (28 December 2010) by bobby

Started at 10/18/2011 6:08:28 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {a532a7b0-662f-11de-96b5-806d6172696f}
D: {a532a7b1-662f-11de-96b5-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for a532a7b0-662f-11de-96b5-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for a532a7b1-662f-11de-96b5-806d6172696f
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 10/18/2011 6:08:47 AM

Scanning for connected USB mass storage...
----------------------------------------
E: {61d816b6-d861-11e0-a860-5050506f4531}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
No autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 61d816b6-d861-11e0-a860-5050506f4531
----------------------------------------

No Desktop.ini files found on E:
----------------------------------------

No mimics found on drive E:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive E:
========================================



New device connected at 10/18/2011 6:10:08 AM

Scanning for connected USB mass storage...
----------------------------------------
H: {010d4143-0b3d-11de-9ea5-5050506f4531}
Added H:
========================================

Scanning USB mass storage for files...
----------------------------------------
Blocked file found: H:\autorun.inf.blocked
----------------------------------------
Content of H:\autorun.inf.blocked
----------------------------------------
[autorun]
USEAUTOPLAY=1
shellexcute=colorado/river.exe
Shellaasasasa
shell\\explore\\command=colorado/river.exe
shell\open\\command=colorado/river.exe
icon=colorado/river.exe
open=colorado/river.exe
action=open folders to view files using Windows Explorer
----------------------------------------

----------------------------------------
No autorun.inf files found on H:
No mountpoint found for H:
No mountpoint found for 010d4143-0b3d-11de-9ea5-5050506f4531
----------------------------------------

No Desktop.ini files found on H:
----------------------------------------

No mimics found on drive H:
----------------------------------------

.lnk/.pif/.com/.scr files found on drive H:
========================================

========================================
Removed E:
========================================


New device connected at 10/18/2011 6:28:23 AM

Scanning for connected USB mass storage...
----------------------------------------
E: {61d816b6-d861-11e0-a860-5050506f4531}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
No autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 61d816b6-d861-11e0-a860-5050506f4531
----------------------------------------

No Desktop.ini files found on E:
----------------------------------------

No mimics found on drive E:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive E:
========================================

========================================
Removed E:
========================================


New device connected at 10/18/2011 6:30:10 AM

Scanning for connected USB mass storage...
----------------------------------------
E: {61d816b6-d861-11e0-a860-5050506f4531}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
No autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 61d816b6-d861-11e0-a860-5050506f4531
----------------------------------------

No Desktop.ini files found on E:
----------------------------------------

No mimics found on drive E:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive E:
========================================




After that I turned on the third one too. Note that the problematic one is in the first log.
As for the third hard disk... USBNoRisk just cannot scan it... it sits there switched on for 10 minutes at a time and the little program simply freezes. There is nothing suspicious on that disk, apart from a RECYCLER folder.
I will try to scan it again later.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Step 1

Download and install MCShield. It has nothing to do with the antivirus, i.e. it will not interfere with its work, and it has proven to be one of the best forms of protection against malware that spreads via USB storage devices.

MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this topic: http://www.mycity.rs/Antispyware-programi/MCShield.html





Step 2

Connect the first and the third one in turn and keep each connected until MCShield finishes scanning.
When you are done with the last device, copy the contents of the file AllScans.txt to the forum.

Start -> Run -> %UserProfile%\Application Data\MCShield\AllScans.txt -> Enter






Sass Drake, MyCity AMF team

offline
  • Joined: 14 Nov 2003
  • Posts: 324

Thanks for the program.
I turned on all three hard disks. I hope I didn't do something wrong, although you asked me to turn on the first and the third.
Here is the log:

<<< MCShield v1.4.3 >>> Monitoring started at 10/18/2011 4:31:18 PM



10/18/2011 4:57:31 PM > Scanning drive E: (New Volume ~596 GB, NTFS HDD )...



=> The drive seems clean.



10/18/2011 4:57:48 PM > Scanning drive I: (no label ~149 GB, NTFS HDD )...



=> The drive seems clean.



10/18/2011 4:58:03 PM > Scanning drive H: (no label ~149 GB, NTFS HDD )...



=> The drive seems clean.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building


Analysis of the submitted reports has established that there is no active malware on your system.
From the external disk, manually delete the file autorun.inf.blocked and the folder Colorado.





I recommend that you install Service Pack 3 for Windows XP, i.e. update your operating system. I won't go into its advantages over Service Pack 2; you can find that information on Microsoft's site. In short, on 13 July 2010 Microsoft ended support for Service Pack 2, which is what is installed on your computer.

What does that mean? See the link: http://windows.microsoft.com/en-US/windows/help/what-does-end-of-support-mean;

**** If you decide to take this step (installing SP3), I recommend that you first back up all important data.





Be sure to visit the topic Testirajte da li vam je pretrazivac ranjiv (Test whether your browser is vulnerable), read it and follow the link in it.





You can delete the programs used in resolving this case, but I recommend keeping MCShield and, if you are willing, recommending it to friends and acquaintances. :)




Regards,
Sass Drake, MyCity AMF team

offline
  • Joined: 14 Nov 2003
  • Posts: 324

Sass Drake, thanks for the help; things are a little easier for me now.
I kept MCShield, so I don't have to bother with USBNoRisk and Total Commander any more.

I manually deleted the colorado folder and autorun.info; I managed it even though I had tried before and it didn't work.
There is another folder called RECYCLER and I can't delete that one at all.
Now then... if I delete something from that hard disk and the Recycle Bin on the Desktop shows there is something in it (which is normal) and I go to empty the Recycle Bin, look what happens:



If I delete something from the Desktop or from anywhere else, I can't empty the Recycle Bin until I turn off that hard disk, and only then.
Can you help me with that?

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open a topic in the Windows forum. Here we only resolve problems related to malware infections.
